Note: the RAND_bytes() manual page says:
 RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
It does not talk about using the previous contents of buf so we are working
as documented.

code checking tools.
PR: 1499

include release date of 0.9.8e

selection remodeling

Submitted by: Victor Duchovni

BIO and BIO_gets().

EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>

PR: 1152
Submitted by: Mike Frysinger <vapier@gentoo.org>

PR: 1277
Submitted by: Mike Frysinger <vapier@gentoo.org>

PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org

Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.

ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".

ciphersuite selection code in HEAD

Submitted by: Victor Duchovni

Submitted by: Victor Duchovni

This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

PR: 1490

Submitted by Kees Cook <kees@outflux.net>

- move zlib_stateful_ex_idx initialization to COMP_zlib()

PR: 1468

PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>

Add support for GOST 28147-89 in Gost ENGINE.

PR: 1476